Klaus John, Proxy Authenticator Approach of a Signature based Single Sign on Proxy Solution for e-‐Government Applications
•
0 gefällt mir•1,508 views
#CeDEM13 Day 2 afternoon, Reflections, Main Hall, Chair: Morten Meyerhoff Nielsen
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (7)
Ähnlich wie Klaus John, Proxy Authenticator Approach of a Signature based Single Sign on Proxy Solution for e-‐Government Applications
Ähnlich wie Klaus John, Proxy Authenticator Approach of a Signature based Single Sign on Proxy Solution for e-‐Government Applications (20)
Mehr von Danube University Krems, Centre for E-Governance
Mehr von Danube University Krems, Centre for E-Governance (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Klaus John, Proxy Authenticator Approach of a Signature based Single Sign on Proxy Solution for e-‐Government Applications
- 1. Service Layer Help Layer Customer Layer Browser www.Help.gv.at Portal MOA-‐ID STORK MOCCA STORK eDelivery eSafe HV-‐Services CiDzen MOCCA Server MOA-‐ID Server Graphics Internet Internet eDelivery eSafe HV-‐Services 26.05.13 1 Proxy AuthenDcator eGovernment official Channel InformaDon
- 2. Help.gv.at: Login via Mobile 26.05.13 2 eGovernment official Channel InformaDon
- 3. Customer Layer myHelp Layer Service Layer Browser eDelivery eSafe HV-‐Services MOA-‐ID STORK MOCCA STORK MOA-‐ID STORK MOCCA STORK CerDficate & Private Key in accordance to §35 ZustG in Austria CiDzen MOCCA Server MOA-‐ID Server Graphics eDelivery, eSave, HV-‐Services CerDficate GeneraDon (pkcs12 Container) ‚ [RegistraDon/Re-‐entry (a^er First RegistraDon)] opDonal CerDficate Private Key 1 2 CerDficate GeneraDon Internet Internet 1 2 26.05.13 3 www.myHelp.gv.at Portal MOA-‐ID STORK MOCCA STORK eSafe HV-‐Services CerDficate & Private Key 1 eDelivery 2 1
- 4. BRZ eDelivery Service: Create CerDficate 26.05.13 4
- 5. BRZ eDelivery Service: pkcs12 Container saved 26.05.13 5
- 6. Help.gv.at: Connect to BRZ eDelivery Service 26.05.13 6 BRZ eDelivery Service
- 7. Service Domain myHelp Domain Private User Domain Domain Model: Login Request 26.05.13 7 CiDzen‘s Client Proxy AuthenDcator (Client Proxy) myHelp.gv.at Key Share Holder 1 BRZ login page, … eDelivery Service meinBrief login page, … eDelivery Service Post Server login page, … eDelivery Service Key Share Holder n 1. URL 2. request login shared Key n shared Key 1 shared Key request shared Key 1-‐n
- 8. BRZ eDelivery Service: Upload pkcs12 Container 26.05.13 8
- 9. BRZ eDelivery Service: Show Inbox (2 Objects) 26.05.13 9
- 10. Sequence Diagram Data Access CiDzen myHelp ProxyAuthenDcator KeySharholder 1 KeySharholder n Database meinBrief getData validaDon < < < < getData getSharedKeyPart 1 getSharedKeyPart n validaDon < reconstructSharedKey < loadPrivateKey + CerDficate < decryptPrivateKey + CerDficate < connect Post Server BRZ eDeliveryService 26.05.13 10
- 11. Components for secure saving of the eDelivery CerDficates in myHelp.gv.at Key Upload Policy Server LDAP MeinBrief eDelivery Service load access Data Key1 Access (eDelivery Correspondence) myHelp.gv.at load CerDficate + Policy Key Site Minder (AuthenDcaDon) store CerDficate + Policy Key store get Key2+Key3 Key3 upload CerDficate + Private Key MySQL Post Server eDelivery Service BRZ eDelivery Service Key2 based on (bPK+Key2+Key3) 26.05.13 11